In a business project such as software development, information sharing means such as FTP (File Transfer Protocol), the Web, electronic mail, USB (Universal Serial Bus) memory, and CD-R (Compact Disc-Recordable)/DVD-R (Digital Versatile Disc-Recordable) are generally used to share information among project members.
However, the rising importance of compliance and information protection in recent years requires preventing unauthorized leakage of information to the outside of the project, such as to the Internet. Thus, use of the following techniques is increasing.
1. Content Encrypting Technique
One example of a content encrypting technique is the rights management system (RMS) disclosed in non-patent document 1 (“Technical Overview of Windows (Registered Trademark) Rights Management Services for Windows (Registered Trademark) Server 2003” (April 2005, pp. 22-23), http://www.microsoft.com/windowsserver2003/techinfo/overview/rmenterprisewp.mspx). The rights management system has: a business application (RMS application), such as a word processor or spreadsheet program, in which encryption middleware is incorporated; and an RMS server having user authentication and key managing functions.
When a data generator shares business data with a specific data user, the RMS application and the RMS server execute encrypting and decrypting processes in cooperation with each other, as described below.
(a) An RMS application of the data generator encrypts the business data and stores the encrypted business data in a secondary storage in a terminal of the data generator. Then, the RMS application generates a use license, which includes an encryption key and the like, and registers it in the RMS server.
(b) The data generator uses the aforementioned general information sharing means to share the encrypted business data with another data user.
(c) When the data user uses the encrypted business data, the RMS application of the data user requests the use license from the RMS server.
(d) The RMS server authenticates the data user and, on confirming that the data user holds the use right for the business data, distributes the use license to the RMS application of the data user.
(e) The RMS application of the data user extracts the encryption key from the distributed use license, decrypts the encrypted business data, and then performs operations on the business data, such as browsing and printing, in accordance with requests from the data user.
As the condition under which the RMS server recognizes the use right of the data user in process (d), it is possible to define an information sharing policy requiring that the data user belong to a specific user group. Consequently, safe information sharing limited to specific business project members is realized regardless of which information sharing means is used. Neutrality from the information sharing means is thereby retained.
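The exchange in steps (a) to (e), with the group-membership policy applied at step (d), can be sketched as follows. This is an added example, not code from the cited RMS document; the class and function names, the sample users and the stand-in cipher are all assumptions made for illustration.

```python
# Added illustration of steps (a)-(e); every name here is hypothetical.
import hashlib, hmac, secrets

def _keystream_xor(key, nonce, data):
    # Stand-in stream cipher (SHA-256 in counter mode) so the sketch needs only
    # the standard library; a real system would use vetted authenticated encryption.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class RmsServer:
    """User authentication and key management: steps (a), (c) and (d)."""
    def __init__(self, credentials, groups):
        self._credentials = credentials  # user -> password (constructed sample data)
        self._groups = groups            # group name -> set of member users
        self._licenses = {}              # content id -> (key, permitted group)

    def register_license(self, content_id, key, group):
        self._licenses[content_id] = (key, group)

    def request_license(self, user, password, content_id):
        stored = self._credentials.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("authentication failed")
        key, group = self._licenses[content_id]
        if user not in self._groups.get(group, set()):
            raise PermissionError("user holds no use right for this content")
        return {"content_id": content_id, "key": key}

def protect(server, plaintext, group):
    """Step (a): encrypt on the generator's terminal, register the use license."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    content_id = secrets.token_hex(8)
    server.register_license(content_id, key, group)
    return {"content_id": content_id, "nonce": nonce,
            "body": _keystream_xor(key, nonce, plaintext)}

def consume(server, user, password, blob):
    """Steps (c)-(e): fetch the license, extract the key, decrypt."""
    lic = server.request_license(user, password, blob["content_id"])
    return _keystream_xor(lic["key"], blob["nonce"], blob["body"])

def demo():
    # Constructed users: alice and bob are project members, mallory is not.
    server = RmsServer({"alice": "pw-a", "bob": "pw-b", "mallory": "pw-m"},
                       {"project-x": {"alice", "bob"}})
    # Step (b): the returned blob can travel over any sharing means.
    return server, protect(server, b"design spec v1", "project-x")
```

The encrypted blob carries no key, so a copy that reaches a non-member over FTP, mail or a USB memory stays unreadable; the decision is made only at the server's group check.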
2. Linking Virtualization Technique with Access Control Technique
One example of linking a virtualization technique with an access control technique is the information protecting system disclosed in patent document 1 (Japanese Laid Open Patent Application (JP-P2006-201845A)). The information protecting system contains: virtual machines classified into two types, “secret” and “general”; and a security gateway for monitoring and controlling communication between the two virtual machines. The virtual machines and the security gateway are implemented on a user terminal in which a machine virtualizing mechanism is incorporated.
In the information protecting system, the security gateway permits only data transmissions from the general virtual machine to the secret virtual machine, so business data handled by the secret virtual machine is protected from leaking to the general virtual machine. Moreover, according to the information protecting system, when communication with an information sharing server of a business project is limited to the secret virtual machine, information sharing limited to project members is attained.
The information protecting system is application-neutral because, unlike the aforementioned RMS system, any application can be used for business. Also, since attacks from a malicious end user or malicious software are effective only inside the virtual machine and have no influence on the security gateway, which operates outside the virtual machine, the robustness of the information protecting system is high.
Non-patent document 2 (Watanabe, Y., et al., “Bridging the Gap between Inter-communication Boundary and Internal Trusted Component”, Proceedings of ESORICS 2006, Lecture Notes on Computer Science, vol. 4189, pp. 65-80, 2006) discloses a method of protecting IP communication through a security gateway having a data encrypting function, referred to as a secure messaging router (SMR).
However, with the technique in non-patent document 1, it is difficult to turn all of the various applications, such as a design tool, a development tool, a source code version management tool and the like, into RMS applications by incorporating the encryption middleware into each of them. Also, it is quite conceivable that business data decrypted in the RMS application is illegally extracted through an attack on a vulnerability of the RMS application, such as a buffer overflow, or through an attack that seizes the privileges of an OS (Operating System) kernel, such as a rootkit.
Also, the information protecting system disclosed in patent document 1, unlike the RMS system, does not contain data encrypting means. Thus, it cannot prevent a non-project member from illegally peeking at or stealing business data on an information sharing route, such as IP (Internet Protocol) communication or a USB memory.
Also, the technique in non-patent document 2 does not disclose a protecting method for secondary storage devices such as a USB memory, a CD-R, and a DVD-R.
Also, in the aforementioned techniques, the access control means in the virtual layer, which contributes to the application neutrality and the robustness, either does not have data encrypting means, which contributes to the neutrality from the information sharing means, or has data encrypting means that is applied to only limited information sharing means. Thus, each of the aforementioned techniques has the problem that the neutrality from the information sharing means, the neutrality from the application, or the robustness is not satisfied.